What is a Rootkit?
If you’ve ever heard the term “rootkit” used, it probably hasn’t been under very good circumstances. Most people first heard of the term when Sony BMG was discovered to have installed rootkit software on their music CDs as an anti-pirating device. But what is a rootkit program, what can it do to your computer, and how can you protect yourself against one?
A rootkit is a program that installs itself in a computer’s root directory and allows someone other than the computer’s owner to take control of the computer system. As you might guess, this “someone” is none too likely to have good intentions.
(Yes, some rootkits have been used for constructive purposes. But if there’s one on your computer, and you didn’t put it there or explicitly have someone else put it there, it’s probably not being used toward ends beneficial to you.)
A rootkit generally masquerades as a utility program, and may even intertwine itself with beneficial software. It generally has its own hidden utilities which allow outside users to access the infected computer.
One common malicious way this works is by creating a backdoor into your computer. This allows a person from a remote location to attack or otherwise access your computer at will. Usually this involves an attacker having administrator access to your computer. Think your credit card, password, and personal information are safe? Not if you’ve got a backdoor. A malicious individual can even change your computer’s password, so that you can’t even get on it!
One way for a malicious user to make use of a rootkit on your computer is to use your system to further abuse or hack other systems or networks. They will use your computer as a “base of operations” for hacking, cracking, or otherwise abusing other systems, while making the abuse look like it comes from your computer!
Not only are rootkits good at collecting information and using your computer as a proxy, they also help hide other malicious programs such as keyloggers, viruses, and all kinds of spyware. So this one malicious program can not only abuse your safety and security by itself, it also opens the door for all manner of other programs to do the same.
What can you do to avoid downloading this especially insidious form of malware/spyware? As always, be careful of anything you download. Look up what you’re downloading on Google, and check it with any spyware protection you may have.
Of course, given the insidious “007” nature of the rootkit, this isn’t always enough. You definitely need to perform regular scans of your computer. You’ll also want to make sure your anti-virus and anti-spyware editions are kept up to date.
Finally, don’t forget to upload your reports every time you scan your computer. That way, your reports can be analyzed, giving you a second tier of detection and protection from malicious rootkit software.